IRM vs. GRC: What’s in a name? And what does this all mean? For many it means learning a new language and making old terms taboo. For others it means straddling both sides of the fence. And for others it doesn’t mean very much at all. Jason Rohlf explains.
Software doesn’t have to be old to be a clunker. Even new products can slow you down if they’re not designed with performance and scalability in mind. If you are tired of entering data, then getting up to refill your coffee while you wait for the system to update, then it may be time to ditch your clunker for a better model.
In jury selection, the prosecution and defense ask tough questions not because they want to embarrass people. They simply want to find 12 jurors best suited for the case. And so it goes in GRC consulting. We must ask difficult questions of our clients and ourselves. We must speak the truth in our answers. And we must be willing to accept the truth (even the hard truth) from our colleagues. That’s how we bring value to our engagements and continue to improve ourselves.
Spreadsheets are valuable tools, and we often work with teams that are transitioning from Excel or providing legacy data in spreadsheets. They are important and have their place in your organization. But are they meeting all your needs?
When our customers are establishing ERM and Policy Management programs within Onspring, the question of “who owns these risks/policies/controls?” comes up time and time again. Unfortunately, finding the right people to own process-level or content-level items can be quite challenging.
Each of the primary groups impacted by SOX—Management, Public Accountants and Internal Auditors—has more clearly defined what role they play in the overall process, and this definition has been carefully and thoughtfully refined over time. And while we have reached a much more structured and stable point in the SOX lifecycle, it’s never a bad idea to revisit and refresh our understanding of why this structure works. A big reason why we find ourselves in this more predictable state is that all involved parties have a much better understanding of their specific role in the process.
At Onspring Connect 2018, client presenters from 16 companies shared their creative uses of the Onspring platform to solve business challenges in internal audit, vendor management, risk assessment, internal controls and business operations. But only one of these organizations would go home with the coveted Innovation Award…or so we thought.
Is there ever a slow week in compliance-related news? Not that we can remember. It’s tough to keep up with the latest developments in legal and regulatory requirements, evolving industry standards and internal best practices for compliance professionals. Onspring is here to help. We’ve gathered articles, opinions and insights that will bring you up to speed.
Whether it’s an audit recommendation, a failed control test, an incident report or a third-party weakness, the risk of the “vanishing issue” is real. To get to the root of the problem, it’s important to understand why an issue may get lost.
Just because something involves less monetary expense does not mean it’s higher in value. Yet this is a common stumbling block for business teams that are moving to an automated tool from a manual process or outdated software. Excel is low-cost, that is true, but how long does it take to maintain your spreadsheets?
You may not be sweating over a pile of wood shavings, but perhaps you’re struggling with piles of paperwork, dated systems, unruly spreadsheets and other challenges that hold you back from doing your best work. Onspring is here to help with the right tool for the job.
I believe you’d be surprised at the number of organizations that do not have a fully structured approach to evaluating the effectiveness of their system of controls. Whether their approach is not formally defined and communicated, inconsistently applied and/or inefficiently managed and monitored, they are at risk of not fully understanding whether their controls are meeting their stated objectives or worse, being completely caught off guard by a critical control failure that could lead to much more serious issues. To that end, we offer the following considerations as you evaluate the effectiveness of your control testing program.